Randy Bush <[EMAIL PROTECTED]> writes:

>> bogon block        attacks   % of attacks
>> 0.0.0.0/7               65           0.01
>> 2.0.0.0/8                3           0.00
>> 5.0.0.0/8                3           0.00
>> 10.0.0.0/8            8794           1.21
>> 23.0.0.0/8               4           0.00
>> 27.0.0.0/8               7           0.00
>> 92.0.0.0/6             101           0.01
>> 100.0.0.0/6            374           0.05
>> 104.0.0.0/5            303           0.04
>> 112.0.0.0/5            775           0.11
>> 120.0.0.0/8             45           0.01
>> 127.0.0.0/8              6           0.00
>> 172.16.0.0/12         3646           0.50
>> 174.0.0.0/7              1           0.00
>> 176.0.0.0/5              1           0.00
>> 192.168.0.0/16        7451           1.02
>> 223.0.0.0/8             10           0.00
>> 224.0.0.0/3              8           0.00
>
> well, we can see why andree wanted to look behind the 1918 stuff. it is
> the elephant.
>
> thanks, danny!
>
> randy

In other words, our earlier estimate of 60% was way off... you can get 92.1% effectiveness at bogon filtering by just dropping 1918 addresses, a filter that you will never have to change. What's the operational cost trade-off with going after that remaining 7.9%? I'll betcha it's not justifiable.

Maybe it's time to change the best current practices we recommend so that they stop biting us in the ass every time a chunk of our ever-dwindling pool of unused address space goes into play.

My uncle used to tell this joke:

Q: Why did the man hit himself in the head with a hammer?
A: Because it felt so good when he stopped?

-r
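
Added example, not part of the original message: a check of the 92.1% and 7.9% figures against the quoted table, classifying each bogon block as RFC 1918 or not with Python's `ipaddress` module. The function names are assumptions made for this illustration; the rows are copied from the table above.

```python
import ipaddress

# (bogon block, attack count) rows copied from the table quoted in the message.
BOGON_ATTACKS = [
    ("0.0.0.0/7", 65), ("2.0.0.0/8", 3), ("5.0.0.0/8", 3),
    ("10.0.0.0/8", 8794), ("23.0.0.0/8", 4), ("27.0.0.0/8", 7),
    ("92.0.0.0/6", 101), ("100.0.0.0/6", 374), ("104.0.0.0/5", 303),
    ("112.0.0.0/5", 775), ("120.0.0.0/8", 45), ("127.0.0.0/8", 6),
    ("172.16.0.0/12", 3646), ("174.0.0.0/7", 1), ("176.0.0.0/5", 1),
    ("192.168.0.0/16", 7451), ("223.0.0.0/8", 10), ("224.0.0.0/3", 8),
]

# The three RFC 1918 private ranges: the filter that never has to change.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(block):
    """True if the whole block lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(block)
    return any(net.subnet_of(private) for private in RFC1918)


def static_filter_coverage(rows):
    """Return (attacks caught by an RFC 1918-only filter, total, percent)."""
    total = sum(count for _, count in rows)
    caught = sum(count for block, count in rows if is_rfc1918(block))
    return caught, total, 100.0 * caught / total


def residual_blocks(rows):
    """Blocks an RFC 1918-only filter misses, largest attack count first."""
    missed = [(b, c) for b, c in rows if not is_rfc1918(b)]
    return sorted(missed, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    caught, total, pct = static_filter_coverage(BOGON_ATTACKS)
    print(f"RFC 1918 filter: {caught}/{total} bogon-sourced attacks ({pct:.1f}%)")
    print(f"remaining: {total - caught} ({100 - pct:.1f}%)")
    for block, count in residual_blocks(BOGON_ATTACKS):
        print(f"  {block:<16} {count:>5}")
```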